PROCEDURE AND ARCHITECTURE FOR THE PROTECTION OF REAL TIME DATA

US 20100180123A1
Filed: 06/10/2008
Published: 07/15/2010
Est. Priority Date: 06/11/2007
Status: Active Grant

First Claim

Patent Images

1. A method for safeguarding authenticity, integrity and confidentiality of real-time data in a distributed real-time system, comprising a plurality of computers, whereby each computer can periodically send real-time messages with real-time data to the other computers, and whereby one computer takes over the role of a security server, and another computer assumes the role of a certification authority that establishes the authenticity of the public key of a computer, and where all computers have access on a common sparse time base, and where each computer has at least one private asymmetric key available for creation of a signature that is required for checking the authenticity and integrity of the signed data structure, which can be requested from the certification authority.whereina secure startup protocol with a long asymmetric key pair is processed with the certification authority immediately after power-up of a computer, and where short asymmetric key pairs are used for safeguarding the authenticity and integrity of the real-time data in real-time operation after the end of the startup phase, whereby the key pairs are changed frequently, and whereby confidentiality is ensured with asymmetric key pairs based on the secured authenticity and integrity of the data, whereby the length of the key used depends on the period of time during which the confidentiality of the real-time data must be ensured.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The object of the present invention is to safeguard the authenticity and integrity of real-time data in a distributed real-time computer system. The present invention considers other requirements of real-time data processing, such as the timeliness of real-time data transmission and limited resource availability. Frequent modification of an asymmetric key pair hinders intruders from cracking a key before its validity has expired. The present method can also be extended to safeguard the confidentiality of real-time data. It can be implemented efficiently on a multiprocessor system-on-chip (MPSoC).

30 Citations

View as Search Results

18 Claims

1. A method for safeguarding authenticity, integrity and confidentiality of real-time data in a distributed real-time system, comprising a plurality of computers, whereby each computer can periodically send real-time messages with real-time data to the other computers, and whereby one computer takes over the role of a security server, and another computer assumes the role of a certification authority that establishes the authenticity of the public key of a computer, and where all computers have access on a common sparse time base, and where each computer has at least one private asymmetric key available for creation of a signature that is required for checking the authenticity and integrity of the signed data structure, which can be requested from the certification authority.whereina secure startup protocol with a long asymmetric key pair is processed with the certification authority immediately after power-up of a computer, and where short asymmetric key pairs are used for safeguarding the authenticity and integrity of the real-time data in real-time operation after the end of the startup phase, whereby the key pairs are changed frequently, and whereby confidentiality is ensured with asymmetric key pairs based on the secured authenticity and integrity of the data, whereby the length of the key used depends on the period of time during which the confidentiality of the real-time data must be ensured.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17)
- - 2. The method as recited in claim 1, wherein after the end of the startup phase immediately after acquisition of the real-time data of an observation, a real-time message that contains the observation in plain text will be composed and sent, and where the next periodic real-time message contains a signature for the observation conveyed in the preceding real-time message, whereby this signature is created through the use of the private key known only to the sending computer and can be checked against the associated public key.
  - 3. The method as recited in claim 1, wherein a dedicated process in one of the computers receiving the data uses the public key to determine whether the data received in one period matches the signature associated with the data received in the next period.
  - 4. The method as recited in claim 1, wherein the public key for checking the integrity and authenticity of the data of a real-time message is a portion of the real-time message.
  - 5. The method as recited in claim 1, wherein the dedicated process that undertakes the checking of the real-time data checks whether the public key contained in a real-time message is authentic through communication with the certification authority.
  - 6. The method as recited in claim 1, wherein the private key for creating the signature and the public key for checking the signature are continually changed during real-time operation.
  - 7. The method as recited in claim 1, wherein, as soon as the time period for a real-time operation is completed, a sending process generates a new asymmetric key pair in the background and announces the new public key including the time point when its validity period begins in a plurality of real-time messages signed with the old key prior to the expiration of the old key'"'"'s validity, and where the sending process uses the private portion of the key known only to itself to create the signature starting from the given time point when the validity period begins.
  - 8. The method as recited in claim 1, wherein, immediately after power-up of a computer, this computer send an initialization message with its sender identification to the certification authority, and where the certification authority checks whether this sender identification is contained in its a priori known system configuration, and whereby with a positive outcome for the check, the certification authority responds with an Ack-Init message that contains the current time, the current public key for checking the signature of a time server and a signature that is created with the private portion of a long asymmetric Ack-Init key pair, and where the private portion of the Ack-Init key pair is implemented in the certification authority in a tamper-proof manner, and where the computer knows a priori the public portion of the Ack-Init key pair for checking the signature of the Ack-Init message, and where the computer uses this key to check whether the signature and the content of the Ack-Init message are in agreement, and where the computer further checks whether the time contained in the Ack-Init message agrees with the secure time from the time server, and in the case the result of these check is positive the computer responds to the certification authority with a startup message, whereby the startup message contains the sender ID of the computer, the public key to be used for checking the signature of the messages produced by the computer immediately after startup, and the time point from which this key is to be used, and where the safeguarding of authenticity and integrity takes place through a signature created by the computer using a long asymmetric startup key pair, whereby the private portion of this key pair is stored in computer in a tamper-proof manner, and where the association between the sender ID and the public portion of this startup key pair is known a priori by the certification authority to be secure, and where these associations are stored in the certification authority in a tamper-resistant manner, and where the certification authority responds with a startup Ack message before the computer begins with normal real-time processing.
  - 9. The method as recited in claim 1, wherein a trusted security center of the certification authority communicates via a secure channel the association between the sender ID stored in a tamper-proof manner in computer and the public key to be used after startup for checking the signature of the sender'"'"'s message, whereby the private portion of this key is stored in a tamper-proof manner in computer.
  - 10. The method as recited in claim 1, wherein a sending computer uses the bit pattern of the time point for beginning the creation of a new key as the starting value for the calculation of a new random number.
  - 11. The method as recited in claim 1, wherein for the confidential transmission of data on a computer this computer sends to the sender of the confidential data the public portion of an asymmetric key pair corresponding to the method as recited in claim 1, where said sender then generates a private text using the received key and sends it back to the computer that sent the public portion of an asymmetric key pair.
  - 12. The method as recited in claim 1, wherein the sender of confidential data allows the length of the key used for encryption of the data depend on the period of time during which the data is to be treated as confidential.
  - 16. The distributed real-time system as recited in claim 1, wherein the security server periodically sends an encrypted real-time message to the certification agency that contains the results of checking sensitive messages within the previous period.
  - 17. The distributed real-time system as recited in claim 1, wherein the current time value, the signature of the time value and the public key for checking the signature are transmitted in a single synchronization message.

13. A distributed real-time system comprising a plurality of computers that are linked to a central switch and where each computer can send periodic real-time messages with real-time data to the other computers, and where a distinction is made between sensitive and non-sensitive real-time messages, and where the sensitive real-time messages that contain sensitive real-time data are recognized through an a priori specified identification in the data field, and where all computers have access to a common sparse time base and where each computer is provided with a minimum of one private asymmetric key for creating a signature for a data structure, and where the key for checking the signature is known to the public,whereinthe switch sends all sensitive real-time messages, in addition to the recipients mentioned therein, to a specified computer, the so-called security server.
- View Dependent Claims (14, 15, 18)
- - 14. The distributed real-time system as recited in claim 13, wherein the sender of the sensitive real-time messages to the specified computer through the switch is designed to be tamper resistant.
  - 15. The distributed real-time system as recited in claim 13, wherein the security server checks the authenticity and integrity of the sensitive real-time messages it receives from the switch using a method for safeguarding authenticity, integrity and confidentiality of real-time data in a distributed real-time system, comprising a plurality of computers, whereby each computer can periodically send real-time messages with real-time data to the other computers, and whereby one computer takes over the role of a security server, and another computer assumes the role of a certification authority that establishes the authenticity of the public key of a computer, and where all computers have access on a common sparse time base, and where each computer has at least one private asymmetric key available for creation of a signature that is required for checking the authenticity and integrity of the signed data structure, which can be requested from the certification authority,whereina secure startup protocol with a long asymmetric key pair is processed with the certification authority immediately after power-up of a computer, and where short asymmetric key pairs are used for safeguarding the authenticity and integrity of the real-time data in real-time operation after the end of the startup phase, whereby the key pairs are changed frequently, and whereby confidentiality is ensured with asymmetric key pairs based on the secured authenticity and integrity of the data, whereby the length of the key used depends on the period of time during which the confidentiality of the real-time data must be ensured.
  - 18. A multiprocessor system-on-chip (MPSoC) with a distributed real-time system as recited in claim 13 implemented thereon, whereby a network on chip of the MPSoC takes over the role of the switch, the function of the computers of the distributed real-time system is taken over by the cores of the MPSoC, and the Security Server is a dedicated core of the MPSoC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TTTech Computertechnik AG
Original Assignee
FTS Computertechnik GmbH
Inventors
Kopetz, Hermann

Granted Patent

US 8,464,065 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/12   Applying verification of th...

H04L 63/1408   by monitoring network traff...

H04L 9/3249   using RSA or related signat...

H04L 9/3263   involving certificates, e.g...

PROCEDURE AND ARCHITECTURE FOR THE PROTECTION OF REAL TIME DATA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

PROCEDURE AND ARCHITECTURE FOR THE PROTECTION OF REAL TIME DATA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links